Upstaff Sign up
Aliaksandr Z.
🇵🇱Poland
Created AtUpstaffer since August, 2024
Book a call Download  PDF resume

Aliaksandr Z. — System Software Developer, Security Architect

Expertise in Embedded Software (12.0 yr.).

Last verified on August, 2024

Core Skills

C/C++/C#
10 yr.
Linux
Linux
5 yr.

Bio Summary

- Experienced System Software Engineer with 12+ years of experience designing and implementing firmware-level and system-level security solutions, sophisticated OS-kernel extensions and device drivers, hi-loaded systems development, and data processing.
- Solid foundation in building secure, real-time operating systems and extending Linux kernel capabilities, with strong proficiency in both C and C++.
- Instrumental in architecting and implementing UEFI hypervisors and firmware for Class B medical devices, emphasizing security features like CryptoCell for secure communications.
- Proven capabilities in vulnerability analysis, leveraging tools like Angr and AFL for automated firmware testing.
- Played a key role in SDLC, driving modern software architecture practices and security foundations in projects across medical and information security industries.
- Upper-Intermediate English

Technical Skills

Programming LanguagesAarch32_64, GLSL, PHP, Python, x86 Assembly
C++ Libraries and ToolsC/C++/C#
UI Frameworks, Libraries, and BrowsersGstreamer
.NET PlatformIdentity Server
JavaScript FrameworksNode.js
AI & Machine LearningOCR, TensorFlow Serving
Data Analysis and Visualization TechnologiesCelonis
Databases & Management Systems / ORMMariaDB
Amazon Web ServicesAWS Security Groups
Google Cloud PlatformGCE
QA, Test Automation, SecurityAFL Service Solutions, Angr, TrustZone
Web/App Servers, MiddlewareApache HTTP Server, XAMPP (X, Apache, MariaDB, PHP, Perl)
Deployment, CI/CD & AdministrationCI/CD
Third Party Tools / IDEs / SDK / ServicesCMake
Codecs & Media ContainersFfmpeg
Virtualization, Containers and OrchestrationGCE, KVM (for Kernel-based Virtual Machine), Qemu
Operating SystemsLinux, Windows
Methodologies, Paradigms and PatternsREST, RPC (Remote Procedure Call)
SDK / API and IntegrationsTPM API, Windows API
Other Technical SkillsBCM, CMSIS, eBFP, Firmware Development, FreeRTOS, GPO (Group Policy Object), HAL, IMPI, OP-TEE, Perl), QSYM, Rv32_64, SBI, XVisor, ZephyrRTOS

Work Experience

Senior Embedded Software Engineer - FW Project

Mar 2023 - Now

Summary: Implementation and architecture design of firmware for Class B medical devices, focusing on RTOS-based firmware, security, and automated firmware testing.

Responsibilities: 

  • Headed FW part of the project
  • Architected SW part of the new brand device based on old legacy one
  • Designed and implemented RTOS-based firmware in C++ (17-20),
    leveraging modern approaches for Interfaces, CMSIS, HAL, State Machines, Event-Based architecture, as well as modern C++ (17-20) SW architecture approaches
  • Designed and implemented security foundations and extensions based on
    CryptoCell functionality, devoted to secured BLE/USB
    communications, encrypted storage
  • Designed and established automated FW testing leveraging CI/CD
    pipelines and FW emulation/re-hosting

Technologies: C++, CMSIS, HAL, State Machines, Event-Based architecture, CryptoCell, BLE, USB, CI/CD.

 

Senior Embedded Software Engineer - Automated Discovery Firmware Vulnerabilities Project

Mar 2021 - Mar 2023

Summary: Leadership and architecture of a project for automated discovery of firmware vulnerabilities leveraging advanced analysis techniques.

Responsibilities: 

  • Headed project and designed its architecture and integrations into the main product
  • Leveraged symbolic-execution and dynamic binary instrumentation for
    automated discovery of vulnerabilities in firmware binaries
  • Leveraged the existing state-of-the-art fuzzing and emulating techniques to
    automated firmware analysis to explore software weaknesses and
    detect exploitable vulnerabilities
  • Implemented lightweight software-based API-level emulation for mbedOS,
    FreeRTOS, thereby sufficiently improves the speed and coverage of firmware
    emulation and analysis
  • Adopted OCR and image processing approaches for detecting functions
    signatures in stripped binaries, which made it possible to achieve high
    detection accuracy

Technologies: Symbolic execution, dynamic binary instrumentation, mbedOS, FreeRTOS, OCR, image processing.

 

Senior Information Security Software Engineer - Afina Systems

Jan 2019 - Mar 2021

Responsibilities:

UEFI Hypervisor Project:

  • Architected, designed, and implemented UEFI hypervisor for Intel VT-x/dbased chipsets
  • Enhanced functionality of existing UEFI DXE drivers to support more UEFI
    protocols

Devices Restricted Space Project:

  • Architected, designed, and implemented framework (host and guest parts)
    for fine-grained policy-based control of guest devices in a host-maintained pace for TrustZone-enabled and MultiZone-enabled SoCs
  • Developed integrations of the framework into ZephyrRTOS and FreeRTOS,
    developed Linux kernel integration module

Linux Desktop Management Project:

  • Headed development of Desktop Management project on Linux
  • Designed core project architecture, and interviewed applicants on
    project
  • Implemented eBFP-based activity monitor to detect anomalous behavior in
    user’s applications
  • Implemented various Linux Security Module extensions for managing
    desktop users activities

Technologies: UEFI hypervisor, Intel VT-x, TrustZone, ZephyrRTOS, Linux, eBFP.

 

Senior Software Development Engineer - Falcongaze Company

Aug 2014 - Jan 2019

Summary: Development of security frameworks for data prevention, removable device control, and printer job monitoring in a system software environment.

Responsibilities:

Data Lost Prevention Project :

  • Designed and implemented file-systems control management and context
    filtering framework, which provides the ability to shadow file operations and data for further analysis, and on-the-fly context-based data access control for users
  • Introduced and adopted C++ usage in existing Windows kernel modules,
    that improved code quality and facilitated maintenance of existing
    projectsDevice

Access Control Project :

  • Designed and implemented removable devices access control framework,
    which allowed policy-based runtime inserting/removing from station
    suspicious devices backed by various interfaces (USB, PCIe, Bluetooth,
    SATA, IDE, HDMI)
  • Implemented policy-based time-restricted and activity-restricted access to the MTD-devices

Data Processing Server Project :

  • Designed and implemented cloud-fashioned architecture for images and
    videos storage and processing
  • Implemented PKI, Authentication and Authorization protocols, Cache Policy and Load Balancing, exposed RPC and REST interfaces
  • Leveraged image and video streaming and frameworks such as
    GStreamer, FFmpeg, Tesseract OCR, Abby OCR

Printer Subsystem Management Project :

  • Developed and maintained printer usage control framework
  • Leveraged Windows Device Management Subsystem on both user-level
    applications and kernel-level modules for policy-based printers access
    control
  • Implemented shadowing of printer jobs for further analysis
  • Implemented context-based restrictions for printed documents

Technologies: C++, Windows kernel modules, GStreamer, FFmpeg, REST, RPC.

 

Middle Software Developer C/C++ - Security Software Systems Inc

Aug 2011 - Aug 2014

Summary: Development of network filters, traffic interceptors, and application control systems for Windows network stack.

Responsibilities:

Network Packet Filtering Engine Project :

  • Implemented parser for proprietary network protocols (MAPI, YAHOOP,
    MTPRCP, XSRTP)
  • Designed and implemented the application’s network functions hooking library, which allowed to intercept and parse many closed and obfuscated messaging protocols (WhatsApp, Skype)

Network Traffic Interceptor Project:

  • Designed and implemented Windows WFP kernel module and control
    daemon for interception and manipulation of TCP/UDP packets in Windows 8+ network stack, which replaced old existing TDI-based solution and provided more robust and flexible functionality on modern Windows releasesApplications

Control Engine Project:

  • Designed and implemented Windows Printing Subsystem shadowing and
    context controlling library, which provides creating copies of printed data and allows/rejecting printer operations based on data context

Technologies: C/C++, Windows WFP, TDI, Printing Subsystem.

 

Junior System Software Engineer - VBA32 Ltd, MINSK

Aug 2009 - Aug 2011

Summary: x86 CPU emulator development and Windows environment emulator enhancements for improved performance and malicious code detection.

Responsibilities: 

x86 CPU Emulator Project:

  • Implemented AMD-specific instruction set (MONITORX, MCOMMIT,
    INVLPGB, etc)
  • Implemented some undocumented x86 instructions from Ralf Brown’s List

win32 Environment Emulator Project :

  • Designed and implemented Win32 Registry Subsystem emulation, that
    provide the ability to detect sophisticated malicious code
  • Moved the entire project from using Squirrel to Lua, which allowed an increased performance of emulation and decreased time complexity for adding new futures into the emulator

Technologies: x86 instruction set, Ralf Brown’s List, Win32 Registry, Squirrel, Lua.

Education

Belarusian State University of Informatics and Radioelectronics

Engineer of Radioinformatics Systems, Master of Engineering Science in Telecommunications and Radio Informatics

How to hire with Upstaff

1

Talk to Our Talent Expert

Our journey starts with a 30-min discovery call to explore your project challenges, technical needs and team diversity.

2

Meet Carefully Matched Talents

Within 1-3 days, we’ll share profiles and connect you with the right talents for your project. Schedule a call to meet engineers in person.

3

Validate Your Choice

Bring new talent on board with a trial period to confirm you hire the right one. There are no termination fees or hidden costs.

Why Upstaff

Upstaff is a technology partner with expertise in AI, Web3, Software, and Data. We help businesses gain competitive edge by optimizing existing systems and utilizing modern technology to fuel business growth.

Real-time project team launch

<24h

Interview First Engineers

Upstaff's network enables clients to access specialists within hours & days, streamlining the hiring process to 24-48 hours, start ASAP.

x10

Faster Talent Acquisition

Upstaff's network & platform enables clients to scale up and down blazing fast. Every hire typically is 10x faster comparing to regular recruitement workflow.

Vetted and Trusted Engineers

100%

Security And Vetting-First

AI tools and expert human reviewers in the vetting process is combined with track record & historically collected feedbacks from clients and teammates.

~50h

Save Time For Deep Vetting

In average, we save over 50 hours of client team to interview candidates for each job position. We are fueled by a passion for tech expertise, drawn from our deep understanding of the industry.

Flexible Engagement Models

Arrow

Custom Engagement Models

Flexible staffing solutions, accommodating both short-term projects and longer-term engagements, full-time & part-time

Sharing

Unique Talent Ecosystem

Candidate Staffing Platform stores data about past and present candidates, enables fast work and scalability, providing clients with valuable insights into their talent pipeline.

Transparent

$0

No Hidden Costs

Price quoted is the total price to you. No hidden or unexpected cost for for candidate placement.

x1

One Consolidated Invoice

No matter how many engineers you employ, there is only one monthly consolidated invoice.

Ready to hire Aliaksandr Z.
or someone with similar Skills?
Book a call with Aliaksandr Z.
Looking for Someone Else? Join Upstaff access to All profiles and Individual Match
Start Hiring